Removed 'subscriber' cap from 'admin' role

This allows admins to test what happens when users do not have a subscription. To give the user subscriber capability, just grant demo role as well.
2017-12-06 11:59:01 +01:00 · 2017-12-06 11:59:01 +01:00 · 2bcc26860f
commit 2bcc26860f
parent 1e012f860b
4 changed files with 7 additions and 6 deletions
--- a/pillar/auth/init.py
+++ b/pillar/auth/init.py
@ -18,7 +18,7 @@ log = logging.getLogger(__name__)
 CAPABILITIES = collections.defaultdict(**{
    'subscriber': {'subscriber', 'home-project'},
    'demo': {'subscriber', 'home-project'},
-    'admin': {'subscriber', 'home-project', 'video-encoding', 'admin',
+    'admin': {'video-encoding', 'admin',
              'view-pending-nodes', 'edit-project-node-types'},
 }, default_factory=frozenset)

--- a/pillar/config.py
+++ b/pillar/config.py
@ -200,7 +200,7 @@ CELERY_BEAT_SCHEDULE = {
 USER_CAPABILITIES = defaultdict(**{
    'subscriber': {'subscriber', 'home-project'},
    'demo': {'subscriber', 'home-project'},
-    'admin': {'subscriber', 'home-project', 'video-encoding', 'admin',
+    'admin': {'video-encoding', 'admin',
              'view-pending-nodes', 'edit-project-node-types', 'create-organization'},
    'org-subscriber': {'subscriber', 'home-project'},
 }, default_factory=frozenset)
--- a/tests/test_api/test_auth.py
+++ b/tests/test_api/test_auth.py
@ -677,7 +677,7 @@ class RequireRolesTest(AbstractPillarTest):
        self.assertFalse(called[0])

        with self.app.test_request_context():
-            self.login_api_as(ObjectId(24 * 'a'), ['admin'])
+            self.login_api_as(ObjectId(24 * 'a'), ['demo'])
            call_me()
        self.assertTrue(called[0])

--- a/tests/test_api/test_project_management.py
+++ b/tests/test_api/test_project_management.py
@ -95,7 +95,7 @@ class ProjectCreationTest(AbstractProjectTest):
    def test_project_creation_access_admin(self):
        """Admin-created projects should be public"""

-        proj = self._create_user_and_project(roles={'admin'})
+        proj = self._create_user_and_project(roles={'admin', 'demo'})
        self.assertEqual(['GET'], proj['permissions']['world'])

    def test_project_creation_access_subscriber(self):
@ -311,13 +311,14 @@ class ProjectEditTest(AbstractProjectTest):

    def test_delete_by_admin(self):
        # Create public test project.
-        project_info = self._create_user_and_project(['admin'])
+        project_info = self._create_user_and_project(['admin', 'demo'])
        project_id = project_info['_id']
        project_url = '/api/projects/%s' % project_id

        # Create admin user that doesn't own the project, to check that
        # non-owner admins can delete projects too.
-        self._create_user_with_token(['admin'], 'admin-token', user_id='cafef00dbeefcafef00dbeef')
+        self._create_user_with_token(['admin'], 'admin-token',
+                                     user_id='cafef00dbeefcafef00dbeef')

        # Admin user should be able to DELETE.
        resp = self.client.delete(project_url,